[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Scripting

Chris wrote:

> > ...then you can punt the problem back to whoever wrote the script. However,
> > if scripting is in C/C++ then it's very hard to distinguish an end-user-induced
> > error from a genuine error in the game engine itself.
> The alternative is to stick pre and post condition checks in the functions
> that interface with dynamically loaded code. This should cause less overhead
> than an interpreter, but still allow you to say whether it was the script of
> the game that caused a problem. To an extent anyway.

That's *not* going to work.

If the C++ "script" is written like this:

   void myscript ()
     int x [ 10 ] ;

     x [ -12345 ] = 54321 ;  /* Ooops! */

...there is no possible pre-/post- condition check you can do that'll
allow you to know that the bug that shows up 10 minutes later in a completely
different part of the code was caused by this "script"!

In an interpreted language, you can check that every single memory access lies
within the sandbox that this script is allowed to operate within.  It's easy
to write an interpreter that utterly seals off the script from interfering with
the rest of your application.

> > On the idea of transmitting behaviours over the net during game play, I'd
> > have to say that it would be a horrible mistake to transmit C/C++ programs
> > and compile them in the target machine.  That's the kind of dumb thing that
> > Microsoft would think of.  Just think of the possibilities for Virus writers!
> There is a way it can be done I think. I'm working on this because I'm
> relying on a system that will allow the game to pull in new items, AI and
> other game entities from specified "approved" repositories when the user
> requests it (or joins an online game to ensure their copy is up to scratch -
> all with confirmations and so on).

Yes - that's OK - but it implies a measure of trust in your system that's
unlikely to be there for *most* amateur Linux games.

I'd certainly be very nervous about running an OpenSourced game that
connected to an unknown other player if it could download (in effect)
unprotected machine-code without my prior approval.

Doing this kind of thing has always been the number 1 reason that Microsoft
systems are so horribly insecure.  Your system *might* be bullet-proof - but
it's hard for me (as a player) to have confidence that you got it 100% right.

Better by far to utterly limit the power of downloaded code to play only
in it's sandbox.  Think JAVA - not Active-X.

----------------------------- Steve Baker -------------------------------
Mail : <sjbaker1@airmail.net>   WorkMail: <sjbaker@link.com>
URLs : http://www.sjbaker.org
       http://plib.sf.net http://tuxaqfh.sf.net http://tuxkart.sf.net
       http://prettypoly.sf.net http://freeglut.sf.net
       http://toobular.sf.net   http://lodestone.sf.net